Another Snake Oil Candidate

William Arbaugh waa at
Wed Sep 12 20:08:57 EDT 2007

On Sep 12, 2007, at 1:56 AM, Aram Perez wrote:

> The IronKey appears to provide decent security while it is NOT  
> plugged into a PC. But as soon as you plug it in and you have to  
> enter a password to unlock it, the security level quickly drops.  
> This would be the case even if they supported Mac OS or *nix.

Yes- the IronKey like just about EVERY security product right now  
lacks a trusted path. However, they address this by suggesting that you:
	a. Use a "clean" PC to install your passwords into Mozilla's  
password manager, and
	b. use the mozilla's password manager from the USB device.
This mitigates the lack of a trusted path between the user and the  
USB device.

Granted the average user can't discern a "clean" machine from a "non- 
clean" machine. But, I think they've addressed your issue as best  
they can.

The marketing is a bit over the top, but hardly snake oil.


p.s. I have no relationship with Ironkey.

> As I stated in my response to Jerry Leichter, in my opinion, their  
> marketing department is selling snake oil.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list